When handling personal data, we proceed in accordance with the legal rules of the Czech Republic and the directly applicable regulations of the European Union, particularly with Act No. 110/2019 Coll., on the Personal Data Processing, as amended, Act No. 480/2004 Coll. on Certain Information Society Services and on amending some acts (Act on Certain Information Society Services) and in accordance with the provisions of Article 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation.

In the following lines, we will show you how and for what purpose we process your personal data and who can be its processors. This information is important, so we hope you will find the time and read everything carefully.

Who is your data controller?

STÁTNÍ TISKÁRNA CENIN, státní podnik, Identification No.: 00001279, with its registered office at Růžová 6, čp. 943, 110 00 Prague 1, to process as the controller the personal data according to the conditions below in accordance with the Personal Data Protection Act and GDPR.

What data do we process as controllers?

Product ordering

  • Name and Surname
  • Adress
  • Telephone number
  • Email address

Form completing

  • Name and Surname
  • Telephone number
  • Email address

Registrace účtu

  • Name and Surname
  • Adress
  • Telephone number
  • Email address
  • Password saved in a hashed form

Other indirect data

  • IP address
  • Cookies (for the purpose of offering relevant content just for you and making it easier to browse websites)
  • Browser and operating system version information to ensure that the website is displayed correctly

When is it not necessary to give consent to the personal data processing?

We may process personal data without your consent in the following cases:

  • Performance of a contract, the subject of which is provision of a service or a product.
  • Fulfilment of legal obligations that arise for us from the generally binding legal regulations.
  • Processing within the legitimate interest (e.g. for direct marketing, ensuring safety, and protection of life).

For what purpose do we manage personal data and for how long?

The data may be used for business and marketing purposes, i.e. to maintain a database of website customers and to offer goods and services for the duration of the legal reason for such method of processing and use of personal and other data. In other words, we collect your personal data for you to be able to use our services and to inform you about new products. Read more about the purpose for which we manage individual data according to the place the data is entered.

Product order – We may process personal data entered in ordering goods or services without your express consent for the purpose of performing the contract, i.e. for the purpose of delivery of the goods, or provision of services. Furthermore, we may process the data for the purpose of performing our statutory obligations (especially registration obligations, archiving of tax documents, etc.), and for the purposes of protecting our legal rights.  

We manage the data for 5 years at maximum.

Account registration – We manage personal data with your consent to enable access, administration and maintenance of your user account on this website. Account management helps you facilitate your purchase or use of our services or be offered discounts. We manage the data for the maximum period of 10 years or until you withdraw your consent. Login or order through a registered account is understood as a renewal of your consent to data processing.

Identification and address data can be used by us in accordance with the so-called legitimate interest for the creation of internal statistics. We use anonymised outputs from the aforementioned statistics to improve our services, including analysis of user behaviour and marketing.

Personal data obtained through cookies is processed by us based on your consent (which you can give by confirmation on the web interface after you are notified of the use of cookies, having the opportunity to familiarise yourself with this Policy). We are entitled to process personal data obtained through cookies also if you continue to use the web interface even after you have been notified of your personal data processing. We use personal data obtained through cookies for the purpose of providing user support and improving our services; all this data is completely anonymous and is used primarily for the purposes of site traffic statistics.    

All personal data made available for the aforementioned purposes is provided entirely voluntarily, and expression of the consent is made through active interaction with the box (ticking) indicating consent to data processing or on the basis of a legitimate interest. You make revoke your consent to data processing at any time via email eshop@stc.cz.

Our e-shop is not intended for children under 16. A person under 16 may only use our e-shop with the consent of their legal representative (parent or guardian).

Manifestations of a personal nature

How is my personal data protected?

We try to secure all personal data that we process against leakage or theft. For this reason, we restrict its handling, copying, transfer or access to it just for strictly necessary purposes, for which you have granted your consent, or where the purpose is defined by law. Furthermore, our website has HTTPS protocol (valid SSL certificate), TLS 1.3 and PHP 7.3 or higher for encrypted connection between the website and the user, which minimises the possibility of personal data theft during data transfer (registration, login, sending in the form, etc.). The website is located at safe servers of Fortion Networks, s.r.o. Identification No.: 26397994, with its registered office at Božkovská 307/9, Plzeň, 326 00, registered in the Commercial Register maintained by the Regional Court in Plzeň under file number C 17708.

Who has access to the personal data?

The personal data processing is performed by the Controller within the meaning of the Personal Data Protection Act, but personal data may also be processed for the Controller by other entities (as processors or administrators):

  • Software provider ANT studio s.r.o., Identification No.: 29113229, with its registered office at Slovanská alej 2182/30, 326 00 Plzeň, registered in the Commercial Register maintained by the Regional Court in Plzeň, Section C, File 25698.
  • Česká pošta as the carrier for the purpose of transporting orders to the destination
  • GoPay payment gateway for the purpose of procuring payment transactions

Alternatively, we may entrust other personal data processors or persons (for example, carriers or other persons involved in the performance of the Contract and our obligations), but only to the extent necessary to perform the Contract. We do not transfer the personal data to any other person. Personal and other data we obtain is fully secured against misuse. Personal data shall be processed in electronic form by automated means or in printed form by non-automated means. Your personal data shall not be transferred to countries outside the European Union.

What are my rights relating to personal data protection?

  • Request information from us regarding what personal data of yours we are processing.
  • Ask us for an explanation regarding the personal data processing.
  • Request access to such data from us, and have it updated or corrected.
  • Request us to delete your personal data.
  • Request data transfer.
  • The right to be informed about personal data breach in certain cases.

You may lodge a complaint with the supervisory authority at any time regarding the personal data processing or the failure of the controller to perform the obligations resulting from GDPR. The supervisory authority in the Czech Republic is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

 

Personal Data Protection Policy updating

 

We are entitled to continuously amend or update the Personal Data Protection Policy. Any changes in this Personal Data Protection Policy shall become effective after they are published on this website.

 

These terms and conditions come into effect on 05/05/2020.

 

Last update of the terms and conditions was carried out on 05/05/2020.